#19 Tests

* adds EcoAccount tests
* fixes bugs found by testing

compensation/tests/test_views.py

@@ -17,8 +17,6 @@ class CompensationViewTestCase(BaseViewTestCase):
     These tests focus on proper returned views depending on the user's groups privileges and login status
 
     """
-    comp_state = None
-    comp_action = None
 
     @classmethod
     def setUpTestData(cls) -> None:
@@ -224,3 +222,185 @@ class CompensationViewTestCase(BaseViewTestCase):
         ]
         self.assert_url_fail(client, fail_urls)
         self.assert_url_success(client, success_urls)
+
+
+class EcoAccountViewTestCase(CompensationViewTestCase):
+    """
+    These tests focus on proper returned views depending on the user's groups privileges and login status
+
+    EcoAccounts can inherit the same tests used for compensations.
+
+    """
+    comp_state = None
+    comp_action = None
+
+    @classmethod
+    def setUpTestData(cls) -> None:
+        super().setUpTestData()
+        state = cls.create_dummy_states()
+        cls.eco_account.before_states.set([state])
+        cls.eco_account.after_states.set([state])
+
+        action = cls.create_dummy_action()
+        cls.eco_account.actions.set([action])
+
+        # Prepare urls
+        cls.index_url = reverse("compensation:acc-index", args=())
+        cls.new_url = reverse("compensation:acc-new", args=())
+        cls.new_id_url = reverse("compensation:acc-new-id", args=())
+        cls.detail_url = reverse("compensation:acc-detail", args=(cls.eco_account.id,))
+        cls.log_url = reverse("compensation:acc-log", args=(cls.eco_account.id,))
+        cls.edit_url = reverse("compensation:acc-edit", args=(cls.eco_account.id,))
+        cls.remove_url = reverse("compensation:acc-remove", args=(cls.eco_account.id,))
+        cls.report_url = reverse("compensation:acc-report", args=(cls.eco_account.id,))
+        cls.state_new_url = reverse("compensation:acc-new-state", args=(cls.eco_account.id,))
+        cls.action_new_url = reverse("compensation:acc-new-action", args=(cls.eco_account.id,))
+        cls.deadline_new_url = reverse("compensation:acc-new-deadline", args=(cls.eco_account.id,))
+        cls.new_doc_url = reverse("compensation:acc-new-doc", args=(cls.eco_account.id,))
+        cls.state_remove_url = reverse("compensation:acc-state-remove", args=(cls.eco_account.id, cls.comp_state.id,))
+        cls.action_remove_url = reverse("compensation:acc-action-remove", args=(cls.eco_account.id, cls.comp_action.id,))
+
+    def test_logged_in_no_groups_shared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in and has no groups and data is shared
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        self.superuser.groups.set([])
+        self.eco_account.users.set([self.superuser])
+
+        # Since the user has no groups, it does not matter that data has been shared. There SHOULD not be any difference
+        # to a user without access, since the important permissions are missing
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+        ]
+        fail_urls = [
+            self.new_url,
+            self.new_id_url,
+            self.log_url,
+            self.edit_url,
+            self.remove_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+        ]
+
+        self.assert_url_success(client, success_urls)
+        self.assert_url_fail(client, fail_urls)
+
+    def test_logged_in_no_groups_unshared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in and has no groups and data is shared
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        self.superuser.groups.set([])
+        self.eco_account.users.set([])
+
+        # Since the user has no groups, it does not matter that data is unshared. There SHOULD not be any difference
+        # to a user having shared access, since all important permissions are missing
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+        ]
+        fail_urls = [
+            self.new_url,
+            self.new_id_url,
+            self.log_url,
+            self.edit_url,
+            self.remove_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+        ]
+
+        self.assert_url_success(client, success_urls)
+        self.assert_url_fail(client, fail_urls)
+
+    def test_logged_in_default_group_shared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in, is default group member and data is shared
+        --> Default group necessary since all base functionalities depend on this group membership
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        group = self.groups.get(name=DEFAULT_GROUP)
+        self.superuser.groups.set([group])
+        # Sharing is inherited by base intervention for compensation. Therefore configure the interventions share state
+        self.eco_account.users.set([self.superuser])
+
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+            self.new_url,
+            self.new_id_url,
+            self.edit_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+            self.log_url,
+            self.remove_url,
+        ]
+        self.assert_url_success(client, success_urls)
+
+    def test_logged_in_default_group_unshared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in, is default group member and data is NOT shared
+        --> Default group necessary since all base functionalities depend on this group membership
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        group = self.groups.get(name=DEFAULT_GROUP)
+        self.superuser.groups.set([group])
+        self.eco_account.users.set([])
+
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+            self.new_id_url,
+            self.new_url,
+        ]
+        fail_urls = [
+            self.edit_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+            self.log_url,
+            self.remove_url,
+        ]
+        self.assert_url_fail(client, fail_urls)
+        self.assert_url_success(client, success_urls)
+

compensation/views/eco_account_views.py

@@ -26,7 +26,8 @@ from konova.forms import RemoveModalForm, SimpleGeomForm, NewDocumentForm, Recor
 from konova.settings import DEFAULT_GROUP, ZB_GROUP, ETS_GROUP
 from konova.utils.documents import get_document, remove_document
 from konova.utils.generators import generate_qr_code
-from konova.utils.message_templates import IDENTIFIER_REPLACED, FORM_INVALID, DATA_UNSHARED, DATA_UNSHARED_EXPLANATION
+from konova.utils.message_templates import IDENTIFIER_REPLACED, FORM_INVALID, DATA_UNSHARED, DATA_UNSHARED_EXPLANATION, \
+    CANCEL_ACC_RECORDED_OR_DEDUCTED
 from konova.utils.user_checks import in_group
 
 
@@ -120,6 +121,7 @@ def new_id_view(request: HttpRequest):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def edit_view(request: HttpRequest, id: str):
     """
     Renders a view for editing compensations
@@ -225,6 +227,8 @@ def detail_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def remove_view(request: HttpRequest, id: str):
     """ Renders a modal view for removing the eco account
 
@@ -236,6 +240,15 @@ def remove_view(request: HttpRequest, id: str):
 
     """
     acc = get_object_or_404(EcoAccount, id=id)
+
+    # If the eco account has already been recorded OR there are already deductions, it can not be deleted by a regular
+    # default group user
+    if acc.recorded is not None or acc.deductions.exists():
+        user = request.user
+        if not in_group(user, ETS_GROUP):
+            messages.info(request, CANCEL_ACC_RECORDED_OR_DEDUCTED)
+            return redirect("compensation:acc-detail", id=id)
+
     form = RemoveModalForm(request.POST or None, instance=acc, user=request.user)
     return form.process_request(
         request=request,
@@ -246,6 +259,7 @@ def remove_view(request: HttpRequest, id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def deduction_remove_view(request: HttpRequest, id: str, deduction_id: str):
     """ Renders a modal view for removing deductions
 
@@ -272,6 +286,7 @@ def deduction_remove_view(request: HttpRequest, id: str, deduction_id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def log_view(request: HttpRequest, id: str):
     """ Renders a log view using modal
 
@@ -297,6 +312,7 @@ def log_view(request: HttpRequest, id: str):
 
 @login_required
 @conservation_office_group_required
+@shared_access_required(EcoAccount, "id")
 def record_view(request: HttpRequest, id:str):
     """ Renders a modal form for recording an eco account
 
@@ -318,6 +334,8 @@ def record_view(request: HttpRequest, id:str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def state_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new states for an eco account
 
@@ -337,6 +355,8 @@ def state_new_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def action_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new actions for an eco account
 
@@ -400,6 +420,8 @@ def action_remove_view(request: HttpRequest, id: str, action_id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def deadline_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new states for an eco account
 
@@ -419,6 +441,8 @@ def deadline_new_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def new_document_view(request: HttpRequest, id: str):
     """ Renders a form for uploading new documents
 
@@ -437,6 +461,7 @@ def new_document_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
 def get_document_view(request: HttpRequest, doc_id: str):
     """ Returns the document as downloadable file
 
@@ -463,6 +488,8 @@ def get_document_view(request: HttpRequest, doc_id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def remove_document_view(request: HttpRequest, doc_id: str):
     """ Removes the document from the database and file system
 
@@ -484,6 +511,7 @@ def remove_document_view(request: HttpRequest, doc_id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def new_deduction_view(request: HttpRequest, id: str):
     """ Renders a modal form view for creating deductions
 
@@ -601,6 +629,7 @@ def share_view(request: HttpRequest, id: str, token: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def create_share_view(request: HttpRequest, id: str):
     """ Renders sharing form for an eco account